Woodfield
Aspirant
Oct 30, 2019

ReadyNAS Duo v2 Windows 10 2019 Fall Update Security and Shares

If you despair about Netgear support and security you are not alone: -

1. With Windows 10 Fall update 2019 SMB 1.0 is automatically removed from your PC as unsafe.

2. If you read the Microsoft thread about this, they have been warning for a long time that it is a security issue: -

support.microsoft.com/en-us/help/2696547/detect-enable-disable-smbv1-smbv2-smbv3-in-windows-and-windows-server 

3. Has Netgear done anything to either warn users or update its firmware? Absolutely not. You just find out that after the Windows Update Raidar no longer allows you to browse your drive through Windows File Explorer. Wonderful.

4. The fix is to go to Windows services, ignore the security warnings and enable SMB 1.0. So Netgear forces you to risk being the victim of ransomware etc.

5. Worse perhaps, although you can see your shares in a browser, you will be warned that the certificate used by Netgear is unsafe. Carry on at your own risk. In other words, the firm cannot even be bothered to update its certificate, never mind deal with an appropriate software update - despite the warning from Microsoft.

6. It took me ages to find the above, albeit unsatisfactory, solution and that was only thanks to the pop ups from Microsoft guiding me to the problem. 

20 Replies

  • The Duo v1 was discontinued in 2011; the Duo v2 was discontinued in 2013.  Netgear ended firmware updates for both models in 2017 (similar to Microsoft ending support for Windows 7).  

     

    Both models have much less memory than currently shipping ReadyNAS, and both have slow CPUs by modern standards.  Neither has hardware support for AES encryption and authentication, so performance with SMB 3 would be very slow (and likely isn't possible at all on the v1 - its hardware design is very old).

     

    Newer ReadyNAS (including the entry level RN212) support SMB 3.  They also get regular security updates (including hot fixes pushed by Netgear).

     

    FWIW, SMB 3 isn't enough to protect you from ransomware.  Generally ransomware comes in through your PC, and it can spread to the NAS if the PC can access it.  SMB 3 helps in enterprise networks (because it can limit the spread of the ransomware if you have a lot of PCs).  But (IMO) it doesn't help much on home networks.

     

    The best approaches are to use secure cloud backup (which generally does include some ransomware protection), or to have local backups of your data that can't be accessed by your PCs.  Running real-time malware protection on the PCs can also help - though new malware might still get through.

     


    Woodfield wrote:

     

    5. Worse perhaps, although you can see your shares in a browser, you will be warned that the certificate used by Netgear is unsafe. Carry on at your own risk. In other words, the firm cannot even be bothered to update its certificate, never mind deal with an appropriate software update - despite the warning from Microsoft.

    You misunderstand certificates.  Netgear can't provide a CA certificate for your NAS - because that certificate declares that Netgear owns it and that it is under their administrative control. Which of course isn't the case.  Only you can get and install a CA certificate for your NAS.  The process isn't easy (and that doesn't have anything to do with Netgear).

     

    What Netgear can do is generate a self-signed certificate.  That does allow the use of encrypted https, but it is vulnerable to man-in-the-middle attacks (for instance, an evil server that intercepts transactions going to your bank website).  Generally that's not a real threat on a home network - but it is a big problem with internet-hosted servers (and that is why the browsers give you those warnings).

     

    BTW, I do still have a Duo v1 (and an NV+ v1) in service.  Both are used as secondary backups for my primary NAS (an RN526).  SMB is disabled on them altogether, they back up selected shares on the main NAS using rsync.


  • Woodfield wrote:

    1. With Windows 10 Fall update 2019 SMB 1.0 is automatically removed from your PC as unsafe. 


    Afraid, you seem to be very new to Windows 10 and all its development and enhancement over the years. This started to happen years ago already, not much change on the Win 10 Fall Update (which is still a work in progress and not released for production). FMI start your reading here: https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows

     


    Woodfield wrote:

    2. If you read the Microsoft thread about this, they have been warning for a long time that it is a security issue:  


    There was a lot written about a security vulnerability which affected both Windows and OS using SAMBA. In fact, the fixes were available in the field even before this made it to the public and a lot of copycats pushing started to make a lot of noise which appears to scare people until November 2019 (and it will continue much longer).

     


    Woodfield wrote:

    3. Has Netgear done anything to either warn users or update its firmware? Absolutely not. You just find out that after the Windows Update Raidar no longer allows you to browse your drive through Windows File Explorer. Wonderful.


    Netgear released a firmware update back in 2017 also for your NAS addressing the CVE-2017-7494 vulnerability, which allowed access and writes to any shared folders even if the user wasn't authorized.


    Woodfield wrote:

    4. The fix is to go to Windows services, ignore the security warnings and enable SMB 1.0. So Netgear forces you to risk being the victim of ransomware etc.


    The "big" vulnerability was fixed on both Windows and SAMBA source code - and deployed: https://kb.netgear.com/000038792/RAIDiator-Version-4-1-16-Sparc. Still, any shared folder legally accessible on a NAS, a Windows PC or Server, on business class storage systems, ... can be encrypted by malware. Dropping SMB 1.0 does not change a s**t.


    Woodfield wrote:

    5. Worse perhaps, although you can see your shares in a browser, you will be warned that the certificate used by Netgear is unsafe. Carry on at your own risk. In other words, the firm cannot even be bothered to update its certificate, never mind deal with an appropriate software update - despite the warning from Microsoft.


    Well explained by StephenB above already.


    Woodfield wrote:

    6. It took me ages to find the above, albeit unsatisfactory, solution and that was only thanks to the pop ups from Microsoft guiding me to the problem. 


    I won't talk of the fact that SMB1 isn’t modern or efficient - many features have made it to the higher protocol versions. Some would (massively) help on underpowered NAS systems like yours - however, it has never happened. Other features are simply out of scope, like protocol signing or encryption.

    Enabling the CIFS/SMB 1.0 feature can be done in a very easy way on the Windows 10 systems: Just add/enable the CIFS/SMB 1.0 Client feature.

    There are many legit reasons why users can and must continue using the SMB 1.0 [Items 1..3 stolen from a Microsoft blog, and extended]:

      1. You’re still running XP or WS2003 under a custom support agreement.
      2. You have old management software that demands admins browse via the so-called ‘network’ aka ‘network neighbourhood’ master browser list.
      3. You run old multi-function printers with old firmware in order to “scan to share”.
      4. You operate legacy storage systems, legacy NAS models, ... only supporting SMB 1.0/CIFS.

     

      StephenB
      Guru

      schumaku wrote: 

      The "big" vulnerability was fixed on both Windows and SAMBA source code - and deployed https://kb.netgear.com/000038792/RAIDiator-Version-4-1-16-Sparc


      Woodfield - I'm not sure if you have a v1 or a v2 (your title says one thing, your model number field says something else).

       

      schumaku's link (4.1.16) is for the fix on the v1.  It was also fixed on the v2 at the same time (5.3.13) - that link is here: https://kb.netgear.com/000038794/RAIDiator-arm-Version-5-3-13-for-ReadyNAS-Duo-v2-NV-v2

       

      If you aren't running the final firmware for your NAS, then you should update it.

        Woodfield
        Aspirant

        Thank you StephenB and schumaku for your replies. Much appreciated. 

         

        However, when you write "This started to happen years ago already, not much change on the Win 10 Fall Update" I am afraid that does not accord with my experience.

         

        Prior to the update Radiator worked and I could browse the V1 (my version error but prompted by the inflexibility in the way Netgear gives options). After the update Radiator would not locate and allow me to browse. Adding back the support for the protocol solved the issue but took me ages to find.

         

        My real grouse is with a vendor attitude that says what you have got is old; and therefore we could not care less. Go and buy a new one. That is both wasteful and arrogant. My drive works fine and, yes, I also back up everything to OneDrive. 
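
For readers following the SMB 1.0 discussion in this thread, an added example (not from any of the posts, and not Netgear or Microsoft code) that audits which SMB1 components a Windows 10 PC has enabled and which dialect each open share connection actually negotiated. The NAS name `READYNAS` is a placeholder; run it in an elevated PowerShell session with a share on the NAS already open.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMB1 exposure on a Windows 10 PC that must talk to a
# legacy SMB1-only NAS. $NasName is a hypothetical placeholder.
$NasName = 'READYNAS'

# 1. The SMB1 client and server are separate optional features. A legacy NAS
#    only needs the client; the server part can stay disabled.
Get-WindowsOptionalFeature -Online |
    Where-Object FeatureName -like 'SMB1Protocol*' |
    Select-Object FeatureName, State |
    Format-Table -AutoSize

# 2. Check that this PC does not accept inbound SMB1 from other machines.
$server = Get-SmbServerConfiguration
if ($server.EnableSMB1Protocol) {
    Write-Warning 'This PC still accepts inbound SMB1 connections.'
    # To turn that off without touching the SMB1 client:
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
} else {
    Write-Output 'Inbound SMB1 is disabled on this PC.'
}

# 3. List the dialect negotiated on every open outbound connection.
#    Get-SmbConnection only shows shares that are currently connected.
$connections = Get-SmbConnection
$connections |
    Sort-Object ServerName, ShareName |
    Format-Table ServerName, ShareName, Dialect, UserName -AutoSize

# 4. Flag every server that fell back to an SMB1 dialect (reported as 1.x).
$legacy = $connections | Where-Object { $_.Dialect -like '1.*' }
if ($legacy) {
    $names = ($legacy.ServerName | Sort-Object -Unique) -join ', '
    Write-Warning "SMB1 in use towards: $names"
} else {
    Write-Output 'No open connection is using SMB1.'
}

# 5. Confirm the NAS is the only reason the SMB1 client is needed.
$others = $legacy | Where-Object { $_.ServerName -ne $NasName }
if ($others) {
    Write-Warning 'Servers other than the NAS are also negotiating SMB1.'
}
```

If step 4 lists only the NAS, the SMB1 client feature is needed for that device alone and can be removed again once the NAS is retired or switched to rsync-only use.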
